Re: SameSite issues in Safari Browser (reference #RM5975)

Hi Rahul

On Wed, Nov 25, 2020 at 4:07 PM Rahul Shirsat <
rahul(dot)shirsat(at)enterprisedb(dot)com> wrote:

> Hi Dave,
>
> Due to SameSite security issues in Safari Browser, some of the pgadmin4
> functionality isn't working (mostly the new tab functionality).
>
> The affected Safari Browser versions (marked in red) currently tested upon
> are:
>
> 1. v11.1.2
> 2. v12.1
> 3. v12.1.1
> 4. 13.1
> 5. 14.0.1
>
> Since v12, Safari have done some security fixes, due to which this issue
> has occurred. Strangely, the issue is not reproducible on v13, but
> reproducible on its successor i.e. v14
>
> Possible solutions could be:
>
> 1. Reporting this to Safari & raising an RM for tracking purposes.
> 2. Suggesting Safari users to make below changes in config.py or
> config_distro for the work around:
>
> *SESSION_COOKIE_SAMESITE = None*
>
> *SESSION_COOKIE_SECURE = True*
> (As we aren't going through any cross-site cookie transfer, this can be a
> handy option - but still risky..)
>
> I would suggest going with the 1st option or combination of both, but with
> caution.
>

In my opinion, we should go with both the options, as we have added the
above settings for security purposes.

>
> --
> *Rahul Shirsat*
> Software Engineer | EnterpriseDB Corporation.
>

--
*Thanks & Regards*
*Akshay Joshi*
*pgAdmin Hacker | Principal Software Architect*
*EDB Postgres <http://edbpostgres.com>*

*Mobile: +91 976-788-8246*